Nominal unification calculates substitutions that make terms involving binders equal modulo alpha-equivalence. Although nominal unification can be seen as equivalent to Miller's higher-order pattern unification, it has properties, such as the use of first-order terms with names (as opposed to alpha-equivalence classes) and that no new names need to be generated during unification, which set it clearly apart from higher-order pattern unification. The purpose of this paper is to simplify a clunky proof from the original paper on nominal unification and to give an overview of some results about nominal unification.

1 Introduction 

The well-known first-order unification algorithm by Robinson [18] calculates substitutions for variables that make terms syntactically equal. For example the terms

$f(X, X) \approx^{?} f(Z, g(Y))$

can be made syntactically equal with the substitution $[X := g(Y),\ Z := g(Y)]$. In first-order unification we can regard variables as "holes" for which the unification algorithm calculates terms with which the holes need to be "filled" by substitution. The filling operation is a simple replacement of terms for variables. However, when binders come into play, this simple picture becomes more complicated: we are no longer interested in syntactic equality since terms like

$a.(a, c) \approx^{?} b.(X, c)$ (1)

should unify, despite the fact that the binders $a$ and $b$ disagree. (Following [19] we write $a.t$ for the term where the name $a$ is bound in $t$, and $(t_1, t_2)$ for a pair of terms.) If we replace $X$ with the term $b$ in (1) we obtain the instance

$a.(a, c) \approx b.(b, c)$ (2)

which are indeed two alpha-equivalent terms. Therefore in a setting with binders, unification has to be modulo alpha-equivalence.

What is interesting about nominal unification is the fact that it maintains the view from first-order unification of a variable being a "hole" into which a term can be filled. As can be seen, by going from (1) to (2) we are replacing $X$ with the term $b$ without bothering that this $b$ will become bound by the binder. This means the operation of substitution in nominal unification is possibly capturing. A result is that many complications stemming from the fact that binders need to be renamed when a capture-avoiding substitution is pushed under a binder do not apply to nominal unification. Its definition of substitution states that in case of binders

$\sigma(a.t) = a.\sigma(t)$

holds without any side-condition about $a$ and $\sigma$. In order to obtain a unification algorithm that, roughly speaking, preserves alpha-equivalence, nominal unification uses the notion of freshness of a name for a term. This will be written as the judgement $a \# t$. For example in (1) it is ensured that the bound name $a$ on the left-hand side is fresh for the term on the right-hand side, that means it cannot occur free on the right-hand side. In general two abstraction terms will not unify if the binder from one side is free on the other. This condition is sufficient to ensure that unification preserves alpha-equivalence and allows us to regard variables as holes with a simple substitution operation to fill them.

Whenever two abstractions with different binders need to be unified, nominal unification uses the operation of swapping two names to rename the bound names. For example when solving the problem shown in (1), which has two binders whose names disagree, it will attempt to unify the bodies $(a, c)$ and $(X, c)$, but first applies the swapping $(a\ b)$ to $(X, c)$. While it is easy to see how this swapping should affect the name $c$ (namely not at all), the interesting question is how this swapping should affect the variable $X$. Since variables are holes for which nothing is known until they are substituted for, the answer taken in nominal unification is to suspend such swappings in front of variables. Several such swappings can potentially accumulate in front of variables. In the example above, this means applying the swapping $(a\ b)$ to $(X, c)$ gives the term $((a\ b) \cdot X, c)$, where $(a\ b)$ is suspended in front of $X$. The substitution $[X := b]$ is then determined by unifying the first components of the two pairs, namely $a \approx^{?} (a\ b) \cdot X$. We can extract the substitution by applying the swapping to the term $a$, giving $[X := b]$. This method of suspending swappings in front of variables is related to unification in explicit substitution calculi which use de Bruijn indices and which record explicitly when indices must be raised [?].

Nominal unification gives a similar answer to the problem of deciding when a name is fresh for a term containing variables, say $a \# (X, c)$. In this case it will record explicitly that $a$ must be fresh for $X$. (Since we assume $a \neq c$, it holds that $a$ is fresh for $c$.) This amounts to the constraint that nothing can be substituted for $X$ that contains a free occurrence of $a$. Consequently the judgements for freshness $\#$, and also equality $\approx$, depend on an explicit freshness context recording which atoms need to be fresh for which variables. We will give the inductive definitions for $\#$ and $\approx$ in Section 2. This method of recording extra freshness constraints also allows us to regard the following two terms containing a hole (the variable $X$)

$a.X \approx b.X$

as alpha-equal — namely under the condition that both $a$ and $b$ must be fresh for the variable $X$. This is defined in terms of judgements of the form

$\{a \# X,\ b \# X\} \vdash a.X \approx b.X$

The reader can easily determine that any substitution for $X$ that satisfies these freshness conditions will produce two alpha-equivalent terms.

Unification problems solved by nominal unification occur frequently in practice. For example typing rules are typically specified as:

$\dfrac{(x, \tau) \in \Gamma}{\Gamma \vdash x : \tau}$ (var) $\qquad \dfrac{\Gamma \vdash t_1 : \tau_1 \to \tau_2 \quad \Gamma \vdash t_2 : \tau_1}{\Gamma \vdash t_1\, t_2 : \tau_2}$ (app) $\qquad \dfrac{(x, \tau_1)::\Gamma \vdash t : \tau_2 \quad x \notin \mathrm{dom}\,\Gamma}{\Gamma \vdash \lambda x.t : \tau_1 \to \tau_2}$ (lam)

Assuming we have the typing judgement $\vdash \lambda y.s : \sigma$, we are interested in how the lam-rule, the only one that unifies, needs to be instantiated in order to derive the premises under which $\lambda y.s$ is typable. This leads to the nominal unification problem

$\vdash \lambda y.s : \sigma \;\approx^{?}\; \Gamma \vdash \lambda x.t : \tau_1 \to \tau_2$

which can be solved by the substitution $[\Gamma := \emptyset,\ t := (y\ x) \cdot s,\ \sigma := \tau_1 \to \tau_2]$ with the requirement that $x$ needs to be fresh for $s$ (in order to stay close to informal practice, we deviate here from the convention of using upper-case letters for variables and lower-case letters for names).

Most closely related to nominal unification is higher-order pattern unification by Miller [14]. Indeed Cheney has shown that higher-order pattern unification problems can be solved by an encoding to nominal unification problems [?]. Levy and Villaret have presented an encoding for the other direction [12]. However, there are crucial differences between both methods of unifying terms with binders. One difference is that nominal unification regards variables as holes for which terms can be substituted in a possibly capturing manner. In contrast, higher-order pattern unification is based on the notion of capture-avoiding substitutions. Hence, variables are not just holes, but always need to come with the parameters, or names, the variable may depend on. For example in order to imitate the behaviour of (1), we have to write $X\ a\ b$, explicitly indicating that the variable $X$ may depend on $a$ and $b$. If we replace $X$ with an appropriate lambda-abstraction, then the dependency can be "realised" via a beta-reduction. This results in unification problems involving lambda-terms to be unified modulo alpha, beta and eta equivalence. In order to make this kind of unification problem decidable, Miller introduced restrictions on the form of the lambda-terms to be unified. With this restriction he obtains unification problems that are not only decidable, but also possess (if solvable) most general solutions.

Another difference between nominal unification and higher-order pattern unification is that the former uses first-order terms, while the latter uses alpha-equivalence classes. This makes the implementation of higher-order pattern unification in a programming language like ML substantially harder than an implementation of nominal unification. One possibility is to implement elements of alpha-equivalence classes as trees and then be very careful in the treatment of names, generating new ones on the fly. Another possibility is to implement them with de Bruijn indices. Both possibilities, unfortunately, give rise to rather complicated unification algorithms. This complexity is one reason that higher-order unification has up to now not been formalised in a theorem prover, whereas nominal unification has been formalised twice [19, 10]. One concrete example for the higher-order pattern unification algorithm being more complicated than the nominal unification algorithm is the following: higher-order pattern unification has been part of the infrastructure of the Isabelle theorem prover for many years [17]. The problem, unfortunately, with this implementation is that it unifies a slightly enriched term-language (which allows general beta-redexes) and it is not completely understood how eta and beta equality interact in this algorithm. A formalisation of Isabelle's version of higher-order pattern unification and its claims is therefore very much desired, since any bug can potentially compromise the correctness of Isabelle.

In a formalisation it is important to have the simplest possible argument for establishing a property, since this nearly always yields a simple formalisation. In [19] we gave a rather clunky proof for the property that the equivalence relation $\approx$ is transitive. This proof has been slightly simplified in [8]. The main purpose of this paper is to further simplify this proof. The idea behind the simplification is taken from the work of Kumar and Norrish who formalised nominal unification in the HOL4 theorem prover [10], but did not report about their simplification in print. After describing the simpler proof in detail, we sketch the nominal unification algorithm and outline some results obtained about nominal unification.

2 Equality and Freshness 

Two central notions in nominal unification are names, which are called atoms, and permutations of atoms. We assume in this paper that there is a countably infinite set of atoms and represent permutations as finite lists of pairs of atoms. The elements of these lists are called swappings. We therefore write permutations as $(a_1\ b_1)(a_2\ b_2) \ldots (a_n\ b_n)$; the empty list $[]$ stands for the identity permutation. A permutation $\pi$ acting on an atom $a$ is defined as

$(a_1\ a_2)::\pi \cdot a \;\overset{def}{=}\; \begin{cases} a_2 & \text{if } \pi \cdot a = a_1 \\ a_1 & \text{if } \pi \cdot a = a_2 \\ \pi \cdot a & \text{otherwise} \end{cases}$

(and $[] \cdot a = a$, since $[]$ is the identity), where $(a_1\ a_2)::\pi$ is the composition of the permutation $\pi$ followed by the swapping $(a_1\ a_2)$. The composition of $\pi$ followed by another permutation $\pi'$ is given by list-concatenation, written as $\pi'\ @\ \pi$, and the inverse of a permutation is given by list reversal, written as $\pi^{-1}$.

The advantage of our representation of permutations-as-lists-of-swappings is that we can easily calculate the composition and the inverse of permutations, which are basic operations in the nominal unification algorithm. However, the list representation does not give unique representatives for permutations (for example $(a\ a) \neq []$). This is different from the usual representation of permutations given for example in [9]. There permutations are (unique) bijective functions from atoms to atoms. For permutations-as-lists we can define the disagreement set between two permutations as the set of atoms given by

$ds\ \pi\ \pi' \;\overset{def}{=}\; \{a \mid \pi \cdot a \neq \pi' \cdot a\}$

and then regard two permutations as equal provided their disagreement set is empty. However, we do not explicitly equate permutations.

The purpose of unification is to make terms equal by substituting terms for variables. The paper [19] defines nominal terms with the following grammar:

$\mathit{trm} ::= ()$ Units
$\quad\mid (t_1, t_2)$ Pairs
$\quad\mid f\,t$ Function Symbols
$\quad\mid a$ Atoms
$\quad\mid a.t$ Abstractions
$\quad\mid \pi \cdot X$ Suspensions

In order to slightly simplify the formal reasoning in the Isabelle/HOL theorem prover, the function symbols only take a single argument (instead of the usual list of arguments). Function symbols with multiple arguments need to be encoded with pairs. An important point to note is that atoms, written $a, b, c, \ldots$, are distinct from variables, written $X, Y, Z, \ldots$, and only variables can potentially be substituted during nominal unification (a definition of substitution will be given shortly). As mentioned in the Introduction, variables in general need to be considered together with permutations — therefore suspensions are pairs consisting of a permutation and a variable. The reason for this definition is that variables stand for unknown terms, and a permutation applied to a term must be "suspended" in front of all unknowns in order to keep it for the case when any of the unknowns is substituted with a term.

Another important point to note is that, although there are abstraction terms, nominal terms are first-order terms: there is no implicit quotienting modulo renaming of bound names. For example the abstractions $a.t$ and $b.s$ are not equal unless $a = b$ and $t = s$. This has the advantage that nominal terms can be implemented as a simple datatype in programming languages such as ML and also in the theorem prover Isabelle/HOL. In [19] a notion of equality and freshness for nominal terms is defined by two inductive predicates whose rules are shown in Figure 1. This inductive definition uses freshness environments, written $\nabla$, which are sets of atom-and-variable pairs. We often write such environments as $\{a_1 \# X_1, \ldots, a_n \# X_n\}$. Rule (≈-abstraction2) includes the operation of applying a permutation to a nominal term, which can be recursively defined as
$\dfrac{}{\nabla \vdash a \# ()}$ (#-unit) $\qquad \dfrac{\nabla \vdash a \# t_1 \quad \nabla \vdash a \# t_2}{\nabla \vdash a \# (t_1, t_2)}$ (#-pair) $\qquad \dfrac{\nabla \vdash a \# t}{\nabla \vdash a \# f\,t}$ (#-function symbol)

$\dfrac{}{\nabla \vdash a \# a.t}$ (#-abstraction1) $\qquad \dfrac{\nabla \vdash a \# t \quad a \neq b}{\nabla \vdash a \# b.t}$ (#-abstraction2)

$\dfrac{a \neq b}{\nabla \vdash a \# b}$ (#-atom) $\qquad \dfrac{(\pi^{-1} \cdot a, X) \in \nabla}{\nabla \vdash a \# \pi \cdot X}$ (#-suspension)

$\dfrac{}{\nabla \vdash () \approx ()}$ (≈-unit) $\qquad \dfrac{\nabla \vdash t_1 \approx s_1 \quad \nabla \vdash t_2 \approx s_2}{\nabla \vdash (t_1, t_2) \approx (s_1, s_2)}$ (≈-pair) $\qquad \dfrac{\nabla \vdash t_1 \approx t_2}{\nabla \vdash f\,t_1 \approx f\,t_2}$ (≈-function symbol)

$\dfrac{\nabla \vdash t_1 \approx t_2}{\nabla \vdash a.t_1 \approx a.t_2}$ (≈-abstraction1) $\qquad \dfrac{a \neq b \quad \nabla \vdash a \# t_2 \quad \nabla \vdash t_1 \approx (a\ b) \cdot t_2}{\nabla \vdash a.t_1 \approx b.t_2}$ (≈-abstraction2)

$\dfrac{}{\nabla \vdash a \approx a}$ (≈-atom) $\qquad \dfrac{\forall c \in ds\ \pi\ \pi'.\ (c, X) \in \nabla}{\nabla \vdash \pi \cdot X \approx \pi' \cdot X}$ (≈-suspension)

Figure 1: Inductive definitions for freshness and equality of nominal terms.

$\pi \cdot () \overset{def}{=} ()$

$\pi \cdot (t_1, t_2) \overset{def}{=} (\pi \cdot t_1, \pi \cdot t_2)$

$\pi \cdot (f\,t) \overset{def}{=} f\,(\pi \cdot t)$

$\pi \cdot (\pi' \cdot X) \overset{def}{=} (\pi\ @\ \pi') \cdot X$

$\pi \cdot (a.t) \overset{def}{=} (\pi \cdot a).(\pi \cdot t)$

where the clause for atoms is the action $\pi \cdot a$ defined at the beginning of this section. Because we suspend permutations in front of variables (see the penultimate clause), it will in general be the case that

$\pi \cdot t \neq \pi' \cdot t$ (3)

even if the disagreement set of $\pi$ and $\pi'$ is empty. Note that permutations acting on abstractions permute both the "binder" $a$ and the "body" $t$.

In order to show the correctness of the nominal unification algorithm in [19], one first needs to establish that $\approx$ is an equivalence relation in the sense of

(i) $\nabla \vdash t \approx t$ (reflexivity)

(ii) $\nabla \vdash t_1 \approx t_2$ implies $\nabla \vdash t_2 \approx t_1$ (symmetry)

(iii) $\nabla \vdash t_1 \approx t_2$ and $\nabla \vdash t_2 \approx t_3$ imply $\nabla \vdash t_1 \approx t_3$ (transitivity)

The first property can be proved by a routine induction over the structure of $t$. Given the "unsymmetric" formulation of the (≈-abstraction2) rule, the fact that $\approx$ is symmetric is at first glance surprising. Furthermore, a direct proof by induction over the rules seems tricky, since in the (≈-abstraction2) case one needs to infer $\nabla \vdash t_2 \approx (b\ a) \cdot t_1$ from $\nabla \vdash (a\ b) \cdot t_2 \approx t_1$. This needs several supporting lemmas about freshness and equality, but ultimately requires that the transitivity property is proved first. Unfortunately, a direct proof by rule-induction for transitivity seems even more difficult and we did not manage to find one in [19]. Instead we resorted to a clunky induction over the size of terms (since size is preserved under permutations). To make matters worse, this induction over the size of terms needed to be loaded with two more properties in order to get the induction through. The authors of [8] managed to split up this bulky induction, but still relied on an induction over the size of terms in their transitivity proof.

The authors of [10] managed to do considerably better. They use a clever trick in their formalisation of nominal unification in HOL4 (their proof of equivalence is not shown in the paper). This trick yields a simpler and more direct proof for transitivity than the ones given in [19, 8]. We shall below adapt the proof by Kumar and Norrish to our setting of (first-order) nominal terms.¹ First we can establish the following property.

Lemma 1. If $\nabla \vdash a \# t$ then also $\nabla \vdash (\pi \cdot a) \# (\pi \cdot t)$, and vice versa.

The proof is by a routine induction on the structure of $t$ and we omit the details. Following [19] we can next attempt to prove that freshness is preserved under equality (Lemma 3 below). However here the trick from [10] already helps to simplify the reasoning. In [10] the notion of weak equivalence, written as $\sim$, is defined as follows

$\dfrac{}{() \sim ()}$ $\qquad \dfrac{}{a \sim a}$ $\qquad \dfrac{t \sim t'}{f\,t \sim f\,t'}$ $\qquad \dfrac{t_1 \sim s_1 \quad t_2 \sim s_2}{(t_1, t_2) \sim (s_1, s_2)}$ $\qquad \dfrac{t \sim t'}{a.t \sim a.t'}$ $\qquad \dfrac{ds\ \pi\ \pi' = \emptyset}{\pi \cdot X \sim \pi' \cdot X}$

This equivalence is said to be weak because two terms can only differ in the permutations that are suspended in front of variables. Moreover, these permutations can only be equal (in the sense that their disagreement set must be empty). One advantage of this definition is that we can show

$\pi \cdot t \sim \pi' \cdot t$ provided $ds\ \pi\ \pi' = \emptyset$ (4)

by an easy induction on $t$. As noted in [?], this property does not hold when formulated with $=$. It is also straightforward to show that

Lemma 2.

(i) If $\nabla \vdash a \# t_1$ and $t_1 \sim t_2$ then $\nabla \vdash a \# t_2$.

(ii) If $\nabla \vdash t_1 \approx t_2$ and $t_2 \sim t_3$ then $\nabla \vdash t_1 \approx t_3$.

by induction over the relations $\sim$ and $\approx$, respectively. The reason that these inductions go through with ease is that the relation $\sim$ excludes the tricky cases where abstractions differ in their "bound" atoms. Using these two properties together with (4), it is straightforward to establish:

Lemma 3. If $\nabla \vdash t_1 \approx t_2$ and $\nabla \vdash a \# t_1$ then $\nabla \vdash a \# t_2$.

Proof. By induction on the first judgement. The only interesting case is the rule (≈-abstraction2) where we need to establish $\nabla \vdash a \# d.t_2$ from the assumption (*) $\nabla \vdash a \# c.t_1$ with the side-conditions $c \neq d$ and $a \neq d$. Using these side-conditions, we can reduce our goal to establishing $\nabla \vdash a \# t_2$. We can also discharge the case where $a = c$, since we know that $\nabla \vdash c \# t_2$ holds by the side-condition of (≈-abstraction2). In case $a \neq c$, we can infer $\nabla \vdash a \# t_1$ from (*), and use the induction hypothesis to conclude with $\nabla \vdash a \# (c\ d) \cdot t_2$. Using Lemma 1 we can infer that $\nabla \vdash (c\ d) \cdot a \# (c\ d)(c\ d) \cdot t_2$ holds, whose left-hand side simplifies to just $a$ (we have that $a \neq d$ and $a \neq c$). For the right-hand side we can prove $(c\ d)(c\ d) \cdot t_2 \sim t_2$, since $ds\ ((c\ d)(c\ d))\ [] = \emptyset$. From this we can conclude this case using Lemma 2(i). □

¹ Their formalisation in HOL4 introduces an indirection by using a quotient construction over nominal terms. This quotient construction does not translate into a simple datatype definition for nominal terms.
The point in this proof is that without the weak equivalence and without Lemma 2 we would need to perform many more "reshuffles" of swappings than the single reference to $\sim$ in the proof above [19]. The next property on the way to establishing transitivity proves the equivariance of $\approx$.

Lemma 4. If $\nabla \vdash t_1 \approx t_2$ then $\nabla \vdash \pi \cdot t_1 \approx \pi \cdot t_2$.

Also with this lemma the induction on $\approx$ does not go through without the help of weak equivalence, because in the (≈-abstraction2)-case we need to show that $\nabla \vdash \pi \cdot t_1 \approx \pi \cdot (a\ b) \cdot t_2$ implies $\nabla \vdash \pi \cdot t_1 \approx (\pi \cdot a\ \ \pi \cdot b) \cdot \pi \cdot t_2$. While it is easy to show that the right-hand sides are equal, one cannot make use of this fact without a notion of transitivity.

Proof. By induction on $\approx$. The non-trivial case is the rule (≈-abstraction2) where we know $\nabla \vdash \pi \cdot t_1 \approx \pi \cdot (a\ b) \cdot t_2$ by induction hypothesis. We can show that $\pi\ @\ (a\ b) \cdot t_2 \sim (\pi \cdot a\ \ \pi \cdot b)\ @\ \pi \cdot t_2$ holds (the corresponding disagreement set is empty). Using Lemma 2(ii), we can join both judgements and conclude with $\nabla \vdash \pi \cdot t_1 \approx (\pi \cdot a\ \ \pi \cdot b) \cdot \pi \cdot t_2$. □

The next lemma relates the freshness and equivalence relations.

Lemma 5. If $\forall a \in ds\ \pi\ \pi'.\ \nabla \vdash a \# t$ then $\nabla \vdash \pi \cdot t \approx \pi' \cdot t$, and vice versa.

Proof. By induction on $t$ generalising over the permutation $\pi'$. The generalisation is needed in order to get the abstraction case through. □

The crucial lemma in [10], which will allow us to prove the transitivity property by a straightforward rule induction, is the next one. Its proof still needs to analyse several cases, but the reasoning is much simpler than in the proof by induction over the size of terms in [19].

Lemma 6. If $\nabla \vdash t_1 \approx t_2$ and $\nabla \vdash t_2 \approx \pi \cdot t_2$ then $\nabla \vdash t_1 \approx \pi \cdot t_2$.

Proof. By induction on the first $\approx$-judgement with a generalisation over $\pi$. The interesting case is (≈-abstraction2). We know $\nabla \vdash b.t_2 \approx (\pi \cdot b).(\pi \cdot t_2)$ and have to prove $\nabla \vdash a.t_1 \approx (\pi \cdot b).(\pi \cdot t_2)$ with $a \neq b$. We have to analyse several cases about $a$ being equal with $\pi \cdot b$, and $b$ being equal with $\pi \cdot b$. Let us give the details for the case $a \neq \pi \cdot b$ and $b \neq \pi \cdot b$. From the assumption we can infer (*) $\nabla \vdash b \# \pi \cdot t_2$ and (**) $\nabla \vdash t_2 \approx (b\ \ \pi \cdot b) \cdot \pi \cdot t_2$. The side-condition on the first judgement gives us $\nabla \vdash a \# t_2$. We have to show $\nabla \vdash a \# \pi \cdot t_2$ and $\nabla \vdash t_1 \approx (a\ \ \pi \cdot b) \cdot \pi \cdot t_2$. To infer the first fact, we use $\nabla \vdash a \# t_2$ together with (**) and Lemmas 5 and 1. For the second, the induction hypothesis states that for any $\pi'$ we have $\nabla \vdash t_1 \approx \pi' \cdot (a\ b) \cdot t_2$ provided $\nabla \vdash (a\ b) \cdot t_2 \approx \pi' \cdot (a\ b) \cdot t_2$ holds. We use the induction hypothesis with the permutation $\pi' = (a\ \ \pi \cdot b)\ @\ \pi\ @\ (a\ b)$. This means after simplification the precondition of the IH we need to establish is (***) $\nabla \vdash (a\ b) \cdot t_2 \approx (a\ \ \pi \cdot b) \cdot \pi \cdot t_2$. By Lemma 5 we can transform (**) to $\forall c \in ds\ []\ ((b\ \ \pi \cdot b)\ @\ \pi).\ \nabla \vdash c \# t_2$. Similarly with (***). Furthermore we can show that

$ds\ (a\ b)\ ((a\ \ \pi \cdot b)\ @\ \pi) \;\subseteq\; ds\ []\ ((b\ \ \pi \cdot b)\ @\ \pi) \cup \{a, \pi \cdot b\}$

holds. This means it remains to show that $\nabla \vdash a \# t_2$ (which we already inferred above) and $\nabla \vdash \pi \cdot b \# t_2$ hold. For the latter, we consider the cases $b = \pi \cdot \pi \cdot b$ and $b \neq \pi \cdot \pi \cdot b$. In the first case we infer $\nabla \vdash \pi \cdot b \# t_2$ from (*) using Lemma 1. In the second case we have that $\pi \cdot b \in ds\ []\ ((b\ \ \pi \cdot b)\ @\ \pi)$. So finally we can use the induction hypothesis, which simplified gives us $\nabla \vdash t_1 \approx (a\ \ \pi \cdot b) \cdot \pi \cdot t_2$ as needed. □

With this lemma under our belt, we are finally in the position to prove the transitivity property.

Lemma 7. If $\nabla \vdash t_1 \approx t_2$ and $\nabla \vdash t_2 \approx t_3$ then $\nabla \vdash t_1 \approx t_3$.

Proof. By induction on the first judgement generalising over $t_3$. We then analyse the possible instances for the second judgement. The non-trivial case is where both judgements are instances of the rule (≈-abstraction2). We have $\nabla \vdash t_1 \approx (a\ b) \cdot t_2$ and (*) $\nabla \vdash t_2 \approx (b\ c) \cdot t_3$ with $a$, $b$ and $c$ being distinct. We also have (**) $\nabla \vdash a \# t_2$ and (***) $\nabla \vdash b \# t_3$. We have to show $\nabla \vdash a \# t_3$ and $\nabla \vdash t_1 \approx (a\ c) \cdot t_3$. The first fact is a simple consequence of (*) and the Lemmas 1 and 5. For the other case we can use the induction hypothesis to infer our proof obligation, provided we can establish that $\nabla \vdash (a\ b) \cdot t_2 \approx (a\ c) \cdot t_3$ holds. From (*) we have $\nabla \vdash (a\ b) \cdot t_2 \approx (a\ b)(b\ c) \cdot t_3$ using Lemma 4. We also establish that $\nabla \vdash (a\ b)(b\ c) \cdot t_3 \approx (b\ c)(a\ b)(b\ c) \cdot t_3$ holds. By Lemma 5 we have to show that all atoms in the disagreement set are fresh w.r.t. $t_3$. The disagreement set is equal to $\{a, b\}$. For $b$ the property follows from (***). For $a$ we use (*) and (**). So we can use Lemma 6 to infer (****) $\nabla \vdash (a\ b) \cdot t_2 \approx (b\ c)(a\ b)(b\ c) \cdot t_3$. It remains to show that $\nabla \vdash (a\ b) \cdot t_2 \approx (a\ c) \cdot t_3$ holds. We can do so by using (****) and Lemma 2 and showing that $(b\ c)(a\ b)(b\ c) \cdot t_3 \sim (a\ c) \cdot t_3$ holds. This in turn follows from the fact that the disagreement set $ds\ ((b\ c)(a\ b)(b\ c))\ (a\ c)$ is empty. This concludes the case. □

Once transitivity is proved, reasoning about $\approx$ is rather straightforward. For example symmetry is a simple consequence.

Lemma 8. If $\nabla \vdash t_1 \approx t_2$ then $\nabla \vdash t_2 \approx t_1$.

Proof. By induction on $\approx$. In the (≈-abstraction2) case we have $\nabla \vdash (a\ b) \cdot t_2 \approx t_1$ and need to show $\nabla \vdash t_2 \approx (b\ a) \cdot t_1$. We can do so by inferring $\nabla \vdash (b\ a)(a\ b) \cdot t_2 \approx (b\ a) \cdot t_1$ using Lemma 4. We can also show $\nabla \vdash (b\ a)(a\ b) \cdot t_2 \approx t_2$ using Lemma 5. We can join both facts by transitivity to yield the proof obligation. □

To sum up, the neat trick of using $\sim$ from [10] has allowed us to give a direct, structural proof for the equivalence of $\approx$. The formalisation of this direct proof in Isabelle/HOL is approximately half the size of the formalised proof given in [19].



3 An Algorithm for Nominal Unification 

In this section we sketch the algorithm for nominal unification presented in [19]. We refer the reader to that paper for full details.

The purpose of the nominal unification algorithm is to calculate substitutions that make terms $\approx$-equal. The substitution operation for nominal terms is defined as follows:

$\sigma(a) \overset{def}{=} a$

$\sigma(\pi \cdot X) \overset{def}{=} \begin{cases} \pi \cdot \sigma(X) & \text{if } X \in \mathrm{dom}\,\sigma \\ \pi \cdot X & \text{otherwise} \end{cases}$

$\sigma(a.t) \overset{def}{=} a.\sigma(t)$

$\sigma((t_1, t_2)) \overset{def}{=} (\sigma(t_1), \sigma(t_2))$

$\sigma(f\,t) \overset{def}{=} f\,\sigma(t)$

There are two kinds of problems the nominal unification algorithm solves:

$t_1 \approx^{?} t_2 \qquad\qquad a \#^{?} t$

The first are called equational problems, the second freshness problems. Their respective interpretation is "can the terms $t_1$ and $t_2$ be made equal according to $\approx$?" and "can the atom $a$ be made fresh for $t$ according to $\#$?". A solution for each kind of problem is a pair $(\nabla, \sigma)$ consisting of a freshness environment and a substitution such that

$\nabla \vdash \sigma(t_1) \approx \sigma(t_2) \qquad\qquad \nabla \vdash a \# \sigma(t)$

hold. Note the difference with first-order unification and higher-order pattern unification where a solution consists of a substitution only. An example where nominal unification calculates a non-trivial freshness environment is the equational problem

$a.X \approx^{?} b.X$

which is solved by the solution $(\{a \# X,\ b \# X\}, [])$. Solutions in nominal unification can be ordered so that the unification algorithm always produces most general solutions. This ordering is defined very similarly to the standard ordering in first-order unification.

The nominal unification algorithm in [19] is defined in the usual style of rewriting rules that transform sets of unification problems into simpler ones, calculating a substitution and freshness environment on the way. The transformation rule for pairs is

$\{(t_1, t_2) \approx^{?} (s_1, s_2), \ldots\} \Longrightarrow \{t_1 \approx^{?} s_1,\ t_2 \approx^{?} s_2, \ldots\}$

There are two rules for abstractions depending on whether or not the binders agree.

$\{a.t \approx^{?} a.s, \ldots\} \Longrightarrow \{t \approx^{?} s, \ldots\}$

$\{a.t \approx^{?} b.s, \ldots\} \Longrightarrow \{t \approx^{?} (a\ b) \cdot s,\ a \#^{?} s, \ldots\}$

One rule that is also interesting is for unifying two suspensions with the same variable

$\{\pi \cdot X \approx^{?} \pi' \cdot X, \ldots\} \Longrightarrow \{a \#^{?} X \mid a \in ds\ \pi\ \pi'\} \cup \{\ldots\}$

What is interesting about nominal unification is that it never needs to create fresh names. As can be seen from the abstraction rules, no new name needs to be introduced in order to unify abstractions. It is the case that all atoms in a solution occur already in the original problem. This has the attractive consequence that nominal unification can dispense with any new-name-generation facility. This makes it easy to implement and reason about the nominal unification algorithm. Clearly, however, the running time of the algorithm using the rules sketched above is exponential in the worst case, just like the simple-minded first-order unification algorithm without sharing.
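The definitions of Section 2 (permutations as lists of swappings and their action on terms, the judgements of Figure 1) and the rewrite rules just sketched, as an added Python example that is not code from the paper or from its Isabelle/HOL formalisation. The encoding of terms as tagged tuples, of permutations as tuples of swappings, and the worklist order (equational problems before freshness problems) are this example's own choices; the solution it computes is checked afterwards with the Figure 1 judgements.

```python
# Added example (not code from the paper): nominal terms as tuples, permutations
# as lists of swappings (Section 2), the judgements of Figure 1, and the rewrite
# rules of Section 3 as a worklist unifier returning (nabla, sigma). Terms:
#   ('unit',) ('pair',t1,t2) ('fn',f,t) ('atom',a) ('abs',a,t) ('susp',pi,X)
# pi is a tuple of (a, b) swappings; (a1 a2)::pi is ((a1, a2),) + pi, so the
# swapping at the head of the list acts last.

def perm_atom(pi, a):
    for x, y in reversed(pi):                 # tail of the list acts first
        a = y if a == x else x if a == y else a
    return a

def ds(pi, pi2):                               # disagreement set ds pi pi'
    atoms = {c for sw in pi + pi2 for c in sw}
    return {c for c in atoms if perm_atom(pi, c) != perm_atom(pi2, c)}

def perm_term(pi, t):
    if t[0] == 'susp':                        # suspend in front of X: (pi @ pi').X
        return ('susp', pi + t[1], t[2])
    if t[0] == 'atom':
        return ('atom', perm_atom(pi, t[1]))
    if t[0] == 'abs':                         # binder and body are both permuted
        return ('abs', perm_atom(pi, t[1]), perm_term(pi, t[2]))
    return (t[0],) + tuple(perm_term(pi, x) if isinstance(x, tuple) else x for x in t[1:])

def fresh(nabla, a, t):                        # nabla |- a # t  (Figure 1)
    if t[0] == 'atom': return a != t[1]
    if t[0] == 'abs': return a == t[1] or fresh(nabla, a, t[2])
    if t[0] == 'susp': return (perm_atom(tuple(reversed(t[1])), a), t[2]) in nabla
    return all(fresh(nabla, a, x) for x in t[1:] if isinstance(x, tuple))

def equal(nabla, t, s):                        # nabla |- t ~ s  (Figure 1)
    if t[0] != s[0]: return False
    if t[0] == 'susp':                        # ds pi pi' must be fresh for X in nabla
        return t[2] == s[2] and all((c, t[2]) in nabla for c in ds(t[1], s[1]))
    if t[0] == 'abs' and t[1] != s[1]:        # (~-abstraction2): a.t ~ b.s
        return fresh(nabla, t[1], s[2]) and equal(nabla, t[2], perm_term(((t[1], s[1]),), s[2]))
    if t[0] in ('atom', 'fn') and t[1] != s[1]: return False
    return all(equal(nabla, x, y) for x, y in zip(t[1:], s[1:]) if isinstance(x, tuple))

def subst(sigma, t):                           # possibly capturing substitution
    if t[0] == 'susp':
        return perm_term(t[1], sigma[t[2]]) if t[2] in sigma else t
    return (t[0],) + tuple(subst(sigma, x) if isinstance(x, tuple) else x for x in t[1:])

def occurs(X, t):
    if t[0] == 'susp': return t[2] == X
    return any(occurs(X, x) for x in t[1:] if isinstance(x, tuple))

def unify(problems):
    """problems: ('=', t, s) and ('#', a, t); returns (nabla, sigma) or None."""
    eqs = [(t, s) for k, t, s in problems if k == '=']
    frs = [(a, t) for k, a, t in problems if k == '#']
    sigma = {}
    while eqs:                                # equational problems first
        t, s = eqs.pop()
        if s[0] == 'susp' and t[0] != 'susp': t, s = s, t
        if t[0] == 'susp':
            if s[0] == 'susp' and s[2] == t[2]:              # pi.X ~? pi'.X
                frs += [(c, ('susp', (), t[2])) for c in ds(t[1], s[1])]
            elif occurs(t[2], s): return None
            else:                                            # X := pi^-1 . s
                theta = {t[2]: perm_term(tuple(reversed(t[1])), s)}
                sigma = {**{Y: subst(theta, v) for Y, v in sigma.items()}, **theta}
                eqs = [(subst(theta, x), subst(theta, y)) for x, y in eqs]
                frs = [(a, subst(theta, x)) for a, x in frs]
        elif t[0] != s[0] or (t[0] in ('atom', 'fn') and t[1] != s[1]): return None
        elif t[0] == 'abs' and t[1] != s[1]:                 # t ~? (a b).s and a #? s
            eqs.append((t[2], perm_term(((t[1], s[1]),), s[2])))
            frs.append((t[1], s[2]))
        else:                                                # unit, pair, fn, a.t ~? a.s
            eqs += [(x, y) for x, y in zip(t[1:], s[1:]) if isinstance(x, tuple)]
    nabla = set()
    while frs:                                # then the freshness problems
        a, t = frs.pop()
        if t[0] == 'atom' and a == t[1]: return None
        if t[0] == 'susp':                                   # record pi^-1 . a # X
            nabla.add((perm_atom(tuple(reversed(t[1])), a), t[2]))
        elif not (t[0] == 'abs' and a == t[1]):
            frs += [(a, x) for x in t[1:] if isinstance(x, tuple)]
    return nabla, sigma

def solves(problems, nabla, sigma):            # check a solution with Figure 1
    return all(equal(nabla, subst(sigma, x), subst(sigma, y)) if k == '='
               else fresh(nabla, x, subst(sigma, y)) for k, x, y in problems)

def demo():
    """Problem (1) of the Introduction and a.X ~? b.X from Section 3."""
    a, b, c = ('atom', 'a'), ('atom', 'b'), ('atom', 'c')
    X = ('susp', (), 'X')
    p1 = [('=', ('abs', 'a', ('pair', a, c)), ('abs', 'b', ('pair', X, c)))]
    p2 = [('=', ('abs', 'a', X), ('abs', 'b', X))]
    return [(p, unify(p)) for p in (p1, p2)]
```

For problem (1) `unify` returns the empty freshness environment and the substitution `{'X': ('atom', 'b')}`; for `a.X ≈? b.X` it returns the environment `{('a', 'X'), ('b', 'X')}` and the empty substitution, matching the solutions stated in the text.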



4 Applications and Complexity of Nominal Unification 

Nominal Unification Revisited

Having designed a new algorithm for unification, it is an obvious step to include it into a logic programming language. This has been studied in the work about αProlog [5] and αKanren [1]. The latter is a system implemented on top of Scheme and is more sophisticated than the former. The point of these variants of Prolog is that they allow one to implement inference rule systems in a very concise and declarative manner. For example the typing rules for simply-typed lambda-terms shown in the Introduction can be implemented in αProlog as follows:

    type(Gamma, var(X), T) :- member((X,T), Gamma).

    type(Gamma, app(M,N), T2) :-
        type(Gamma, M, arrow(T1,T2)), type(Gamma, N, T1).

    type(Gamma, lam(x.M), arrow(T1,T2)) / x # Gamma :-
        type((x,T1)::Gamma, M, T2).

    member(X, X::Tail).

    member(X, Y::Tail) :- member(X, Tail).

Two novel features of αProlog appear in this code (shaded in the original typesetting): the abstraction x.M and the side-condition x # Gamma. Abstractions can be written as x.(−); but note that the binder x can also occur as a "non-binder" in the body of clauses — just as in the clauses on "paper." The side-condition x # Gamma ensures that x is not free in any term substituted for Gamma. The novel features of αProlog and αKanren can be appreciated when considering that similarly simple implementations in "vanilla" Prolog (which, surprisingly, one can find in textbooks [15]) are incorrect, as they give types to untypable lambda-terms. A simple implementation of a first-order theorem prover in αKanren has been given in [?].

When implementing a logic programming language based on nominal unification it becomes important to answer the question about its complexity. Surprisingly, this turned out to be a difficult question. Surprising because nominal unification, like first-order unification, uses simple rewrite rules defined over first-order terms and uses a substitution operation that is a simple replacement of terms for variables. One would hope the techniques from efficient first-order unification algorithms carry over to nominal unification. This is unfortunately only partially the case. Quadratic algorithms for nominal unification were obtained by Calvès and Fernández [?] and independently by Levy and Villaret [13]. These are the best bounds we have for nominal unification so far.



5 Conclusion 

Nominal unification was introduced in [19]. It unifies terms involving binders modulo a notion of alpha-equivalence. In this way it is more powerful than first-order unification, but is conceptually much simpler than higher-order pattern unification. Unification algorithms are often critical infrastructure in theorem provers. Therefore it is important to formalise these algorithms in order to ensure correctness. Nominal unification has been formalised twice, once in [19] in Isabelle/HOL and once in [10] in HOL4. The latter formalises a more efficient version of nominal unification based on triangular substitutions. The main purpose of this paper is to simplify the transitivity proof for $\approx$. This in turn simplified the formalisation in Isabelle/HOL.

There have been several fruitful avenues of research that use nominal unification as a basic building block. For example the work on αLeanTAP [?]. There have also been several works that go beyond the limitation of nominal unification where bound names are restricted to be constant symbols that are not substitutable [11, ?].